Synopsis
No matter what anyone might tell you, Microsoft 365 is not secure by default, and even less so once you let users, admins and guests into the mix. What's worse, it also holds a lot of sensitive information, and you can access it over the internet. This all adds up to it being a very juicy target for everyone from script kiddies to organised crime to nation-state actors.
Over the last few years our team have seen all manner of attacks targeting Microsoft 365, from simple password sprays to MFA bypasses, and some very sneaky impersonations. We've also seen what settings actually make a real-world difference to your security posture.
In this session I will run you through some attacker techniques we've seen and show you how they work - including the settings they exploit and the tricks they use to bypass security controls. But I'll also show you how to defeat them by enabling the right things (and turning off the things you don't want), keeping your users and data safe.
Some examples include:
- Brute force/credential stuffing/password sprays
- MFA bypasses by exploiting legacy authentication
- User impersonation and confusing the service desk
- Adding malicious apps to Entra ID
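As an added example (my own code, not the speaker's material or anything from Microsoft), here is a small triage script for two of the patterns on that list: legacy-authentication sign-ins, which skip MFA, and password sprays, where one source tries a few passwords against many accounts. The records are constructed sample data whose field names are a simplification of the Entra ID sign-in log (`userPrincipalName`, `ipAddress`, `clientAppUsed`, the `status` error code); the legacy client names are a subset of the protocol names Microsoft reports in `clientAppUsed`, which you should check against current documentation, and the spray thresholds are arbitrary starting points.

```python
"""Flag legacy-auth sign-ins and password-spray activity in sign-in records.

Constructed sample data; field names approximate Entra ID sign-in log fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Protocol names Entra reports in clientAppUsed for legacy (basic) auth.
# Assumed subset of Microsoft's documented list; verify against current docs.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync",
    "IMAP4",
    "POP3",
    "Authenticated SMTP",
    "Other clients",
    "Exchange Web Services",
    "MAPI Over HTTP",
    "Outlook Anywhere (RPC over HTTP)",
}

# Entra error code 50126: invalid username or password.
ERR_BAD_CREDENTIALS = 50126


def rec(time, upn, ip, app, error=0):
    """Build one constructed sign-in record."""
    return {"time": time, "userPrincipalName": upn, "ipAddress": ip,
            "clientAppUsed": app, "errorCode": error}


# Constructed sample: normal activity, one IMAP4 success (no MFA involved),
# a spray from 192.0.2.9 against five accounts, and one genuine typo.
SAMPLE_SIGNINS = [
    rec("2024-05-01T09:00:00", "alice@example.com", "203.0.113.5", "Browser"),
    rec("2024-05-01T09:00:10", "bob@example.com", "198.51.100.7", "IMAP4"),
    rec("2024-05-01T09:01:00", "carol@example.com", "203.0.113.5",
        "Mobile Apps and Desktop clients"),
    rec("2024-05-01T09:05:00", "alice@example.com", "192.0.2.9", "Other clients", ERR_BAD_CREDENTIALS),
    rec("2024-05-01T09:05:10", "bob@example.com", "192.0.2.9", "Other clients", ERR_BAD_CREDENTIALS),
    rec("2024-05-01T09:05:20", "carol@example.com", "192.0.2.9", "Other clients", ERR_BAD_CREDENTIALS),
    rec("2024-05-01T09:05:30", "dave@example.com", "192.0.2.9", "Other clients", ERR_BAD_CREDENTIALS),
    rec("2024-05-01T09:05:40", "erin@example.com", "192.0.2.9", "Other clients", ERR_BAD_CREDENTIALS),
    rec("2024-05-01T09:20:00", "erin@example.com", "203.0.113.5", "Browser", ERR_BAD_CREDENTIALS),
]


def legacy_auth_signins(records):
    """Return every sign-in that used a legacy protocol (MFA cannot apply)."""
    return [r for r in records if r["clientAppUsed"] in LEGACY_CLIENT_APPS]


def legacy_auth_successes(records):
    """Successful legacy-protocol sign-ins: the ones that silently bypassed MFA."""
    return [r for r in legacy_auth_signins(records) if r["errorCode"] == 0]


def detect_password_spray(records, min_accounts=5, window=timedelta(minutes=10)):
    """Map source IP -> max distinct accounts with bad-credential failures
    inside any sliding window, for IPs reaching min_accounts."""
    failures = defaultdict(list)
    for r in records:
        if r["errorCode"] == ERR_BAD_CREDENTIALS:
            failures[r["ipAddress"]].append(
                (datetime.fromisoformat(r["time"]), r["userPrincipalName"]))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            best = max(best, len(users))
        if best >= min_accounts:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for r in legacy_auth_successes(SAMPLE_SIGNINS):
        print("legacy auth success (no MFA):", r["userPrincipalName"], r["clientAppUsed"])
    for ip, n in detect_password_spray(SAMPLE_SIGNINS).items():
        print(f"possible password spray from {ip}: {n} distinct accounts")
```

The two checks map directly onto the fixes the talk promises: a successful IMAP4 sign-in is the evidence that legacy authentication is still enabled and should be blocked, and a single IP failing against many distinct accounts in a short window is the shape a spray takes whether or not any one account is locked out.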
Note: while it helps to be familiar with the core concepts of Microsoft 365, this presentation doesn't assume you know what every setting does and where to find it - that's what I'm here to show you.